403Webshell
Server IP : 104.21.25.180  /  Your IP : 104.23.197.123
Web Server : Apache/2.4.37
System : Linux almalinux.duckdns.org 4.18.0-553.111.1.el8_10.x86_64 #1 SMP Sun Mar 8 20:06:07 EDT 2026 x86_64
User : ricodeal ( 1046)
PHP Version : 7.4.33
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /usr/share/nmap/scripts/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /usr/share/nmap/scripts/dns-zeustracker.nse
local dns = require "dns"
local ipOps = require "ipOps"
local stdnse = require "stdnse"
local stringaux = require "stringaux"
local tab = require "tab"
local table = require "table"

description = [[
Checks if the target IP range is part of a Zeus botnet by querying ZTDNS @ abuse.ch.
Please review the following information before you start to scan:
* https://zeustracker.abuse.ch/ztdns.php
]]

---
-- @usage
-- nmap -sn -PN --script=dns-zeustracker <ip>
-- @output
-- Host script results:
-- | dns-zeustracker:
-- |   Name                IP        SBL         ASN    Country  Status   Level               Files Online  Date added
-- |   foo.example.com     1.2.3.4   SBL123456   1234   CN       online   Bulletproof hosted  0             2011-06-17
-- |_  bar.example.com     1.2.3.5   SBL123456   1234   CN       online   Bulletproof hosted  0             2011-06-15

author = "Mikael Keri"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "discovery", "external", "malware"}



hostrule = function(host) return not(ipOps.isPrivate(host.ip)) end

action = function(host)

  local levels = {
    "Bulletproof hosted",
    "Hacked webserver",
    "Free hosting service",
    "Unknown",
    "Hosted on a FastFlux botnet"
  }
  local dname = dns.reverse(host.ip)
  dname = dname:gsub ("%.in%-addr%.arpa",".ipbl.zeustracker.abuse.ch")
  local status, result = dns.query(dname, {dtype='TXT', retAll=true} )

  if ( not(status) and result == "No Such Name" ) then
    return
  elseif ( not(status) ) then
    return stdnse.format_output(false, "DNS Query failed")
  end

  local output = tab.new(9)
  tab.addrow(output, "Name", "IP", "SBL", "ASN", "Country", "Status", "Level",
    "Files Online", "Date added")
  for _, record in ipairs(result) do
    local name, ip, sbl, asn, country, status, level, files_online,
      dateadded = table.unpack(stringaux.strsplit("| ", record))
    level = levels[tonumber(level)] or "Unknown"
    tab.addrow(output, name, ip, sbl, asn, country, status, level, files_online, dateadded)
  end
  return stdnse.format_output(true, tab.dump(output))
end

Youez - 2016 - github.com/yon3zu
LinuXploit